[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Assertion failed at crypto.c:149

  • Subject: Re: [Openvpn-users] Assertion failed at crypto.c:149
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Wed, 2 Jun 2004 14:18:10 -0000
Jon Bendtsen <jon.bendtsen@xxxxxxxxxx> said:

> Wed Jun  2 13:23:12 2004 OpenVPN 2.0_beta2 powerpc-apple-darwin7.4.0 
> [SSL] [LZO] built on May 27 2004
> Wed Jun  2 13:23:12 2004 WARNING: file 'sample-keys/client.key' is 
> group or others accessible
> Wed Jun  2 13:23:12 2004 Control Channel MTU parms [ L:1541 D:138 EF:38 
> EB:0 ET:0 EL:0 ]
> Wed Jun  2 13:23:12 2004 Data Channel MTU parms [ L:1541 D:1450 EF:41 
> EB:0 ET:0 EL:0 ]
> Wed Jun  2 13:23:12 2004 Local Options String: 'V3,dev-type 
> tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth 
> SHA1,keysize 128,key-method 2,tls-client'
> Wed Jun  2 13:23:12 2004 Expected Remote Options String: 'V3,dev-type 
> tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth 
> SHA1,keysize 128,key-method 2,tls-server'
> Wed Jun  2 13:23:12 2004 Local Options hash (VER=V3): 'a0f1c7ed'
> Wed Jun  2 13:23:12 2004 Expected Remote Options hash (VER=V3): 
> 'b319fa3e'
> Wed Jun  2 13:23:12 2004 Socket Buffers: R=[42080->65536] 
> S=[9216->65536]
> Wed Jun  2 13:23:12 2004 UDPv4 link local (bound): 192.168.119.162:5000
> Wed Jun  2 13:23:12 2004 UDPv4 link remote: 192.168.119.135:5000
> Wed Jun  2 13:23:12 2004 TLS: Initial packet from 192.168.119.135:5000, 
> sid=2e010c5c 26b06532
> Wed Jun  2 13:23:12 2004 VERIFY OK: depth=1, 
> /C=US/ST=CO/L=Denver/O=NTLP/CN=Test-CA/emailAddress=jim@xxxxxxxx
> Wed Jun  2 13:23:12 2004 VERIFY OK: depth=0, 
> /C=US/ST=CO/O=NTLP/CN=Test-Server/emailAddress=jim@xxxxxxxx
> Wed Jun  2 13:23:13 2004 WARNING: Actual Remote Options ('V3,dev-type 
> tun,link-mtu 1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth 
> SHA1,keysize 128,key-method 2,tls-server') are inconsistent with 
> Expected Remote Options ('V3,dev-type tun,link-mtu 1541,tun-mtu 
> 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 
> 2,tls-server')
> Wed Jun  2 13:23:13 2004 Data Channel Encrypt: Cipher 'BF-CBC' 
> initialized with 128 bit key
> Wed Jun  2 13:23:13 2004 Data Channel Encrypt: Using 160 bit message 
> hash 'SHA1' for HMAC authentication
> Wed Jun  2 13:23:13 2004 Data Channel Decrypt: Cipher 'BF-CBC' 
> initialized with 128 bit key
> Wed Jun  2 13:23:13 2004 Data Channel Decrypt: Using 160 bit message 
> hash 'SHA1' for HMAC authentication
> Wed Jun  2 13:23:13 2004 Control Channel: TLSv1, cipher TLSv1/SSLv3 
> EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
> Wed Jun  2 13:23:13 2004 [Test-Server] Peer Connection Initiated with 
> 192.168.119.135:5000
> Wed Jun  2 13:23:14 2004 SENT CONTROL [Test-Server]: 'PUSH_REQUEST' 
> (status=1)
> Wed Jun  2 13:23:14 2004 PUSH: Received control message: 
> 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,ifconfig 10.8.0.6 10.8.0.5'
> Wed Jun  2 13:23:14 2004 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Jun  2 13:23:14 2004 OPTIONS IMPORT: route options modified
> Wed Jun  2 13:23:14 2004 gw 192.168.119.135
> Wed Jun  2 13:23:14 2004 TUN/TAP device /dev/tun0 opened
> Wed Jun  2 13:23:14 2004 /sbin/ifconfig tun0 delete
> Wed Jun  2 13:23:14 2004 NOTE: Tried to delete pre-existing tun/tap 
> instance -- No Problem if failure
> Wed Jun  2 13:23:14 2004 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 
> netmask 255.255.255.255 up
> Wed Jun  2 13:23:14 2004 /sbin/route add -net 10.8.0.1 10.8.0.5 
> 255.255.255.255
> add net 10.8.0.1: gateway 10.8.0.5
> Wed Jun  2 13:27:47 2004 Assertion failed at crypto.c:149
> Wed Jun  2 13:27:47 2004 Exiting
> 
> 
> There has been no trafic over the line. i will test with pings.
> If i pinged from both sides it was still up almost 20 minutes before i 
> killed the ping from the server
> ping from client to server stadig up
> 
> The windows client gave exactly the same assertion error with a unused 
> tunnel. (after just 2? minutes)
> And now the server says:
> Wed Jun  2 14:00:26 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> Wed Jun  2 14:00:37 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> Wed Jun  2 14:00:48 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> Doesnt the servers tunnel time out ?
> Wed Jun  2 14:02:04 2004 Test-Client/192.168.119.232:5000 Inactivity 
> timeout (--inactive), exiting
> Wed Jun  2 14:02:04 2004 Test-Client/192.168.119.232:5000 MULTI: 
> multi_close_instance called
> apparently it does.
> 
> the server also gave me a
> Wed Jun  2 13:54:08 2004 Test-Client/192.168.119.232:5000 NOTE: failed 
> to empirically measure MTU (requires 1.5-beta8 or higher at other end 
> of connection).
> but i am using openvpn2.0 beta2 at both ends.
> 
> 14:05	Mac client that pings still has tunnel ip. Switching to server 
> side pings
> 
> Wed Jun  2 14:04:13 2004 Test-Client/192.168.119.232:5000 SENT CONTROL 
> [Test-Client]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,ifconfig 
> 10.8.0.10 10.8.0.9' (status=1)
> Wed Jun  2 14:07:24 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> ...
> Wed Jun  2 14:08:15 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> Wed Jun  2 14:08:19 2004 Test-Client/192.168.119.232:5000 NOTE: failed 
> to empirically measure MTU (requires 1.5-beta8 or higher at other end 
> of connection).
> Wed Jun  2 14:08:25 2004 read UDPv4 [ECONNREFUSED]: Connection refused 
> (code=111)
> 
> this error comes at or a after the windows client dies. (the middle 
> line)
> 
> 14:15	mac client still running when server pings mac client.
> 
> One could say that of course the link dies when it isnt used, but what 
> i dont like is that it dies with an assertion error.
> It could say "link unused, closing"

Actually, that error has nothing to do with the fact that the link is mostly
unused.

It looks like some kind of framing or dynamic buffer sizing error that should
have been caught before the code hit the assertion.  Take a look at the
"WARNING: Actual Remote Options ..." message above.  That shows an
inconsistency in the MTU values being used on either side of the connection. 
That's most likely the culprit.

It would help if you shared your config files, with suitable address masking
of course.

James


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2004-06/msg00048.html on line 308

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2004-06/msg00048.html on line 308